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1 DETAILED ACTION 

2 
3 

4 Claims 1 - 74 are pending. 

5 Claims 46 - 59 and 62 - 71 are withdrawn from consideration. 
6 



7 Claim Rejections - 35 USC § 1 12 

8 

9 The following is a quotation of the second paragraph of 35 U.S. C. 112: 

1 0 The specification shall conclude with one or more claims particularly pointing out and distinctly 

1 1 claiming the subject matter which the applicant regards as his invention. 
12 

13 Claim 74 is rejected under 35 U.S.C. 112, second paragraph, as being 

14 indefinite for failing to particularly point out and distinctly claim the subject 

15 matter which applicant regards as the invention. 

16 Claim 74 recites the term a "second-to-first node security association". This term 

17 is indefinite because the specification does not clearly define the term and such term is 

1 8 not common to those of ordinary skill in the art. Thus, claim 74 is rendered indefinite. 
19 

20 Claim Rejections - 35 USC § 102 

21 

22 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 

23 form the basis for the rejections under this section made in this Office action: 

24 A person shall be entitled to a patent unless - 
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1 (e) the invention was described in (1) an application for patent, published under section 122(b), by 

2 another filed in the United States before the invention by the applicant for patent or (2) a patent 

3 granted on an application for patent by another filed in the United States before the invention by the 

4 applicant for patent, except that an international application filed under the treaty defined in section 

5 351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 

6 only if the international application designated the United States and was published under Article 21(2) 

7 of such treaty in the English language. 
8 

9 Claims 1, 2, 5, 6, 8, 12 - 15, 17 - 22, 45, 61, and 71 - 74 are rejected under 35 



10 U.S.C. 102(e) as being anticipated by Aziz et al. (Aziz), "Method and Apparatus for 

1 1 Providing Secure Communication with a Relay in a Network", U.S. Patent 

12 6,643,701. 

13 

14 Regarding claim 1 , Aziz discloses: 

1 5 a first node; a second node; and at least one intermediate node between said 

1 6 first and second nodes; wherein said first and second nodes are ar-ranged configured to 

1 7 be in communication and said first and second nodes have a first security association 

1 8 and one of said at least one intermediate node and said second node have a second 

19 security association (fig. 2:210, 230); and wherein said first security association 



20 authenticate s is configured to authenticate said second node to said first node and said 

2 1 second security association a uth e nti cates is configured to authenticate said at least one 

22 intermediate node to said second node (1 : 64-2:2; claim 3). 
23 

24 Regarding claim 2, Aziz discloses: 

25 wherein at least one of said first and second security association comprise 

26 presenting at least one certificate to a respective one of said nodes for authentication 

27 (claim 3; 5:1-22). 
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1 

2 Regarding claim 5, Aziz discloses: 

3 wherein said at least one intermediate node inspects information sent between 

4 said first and second nodes (9:31 -39). 
5 

6 Regarding claim 6, Aziz discloses: 

7 wherein said at least one of intermediate nodes modifies information sent 

8 between said first and second nodes (9:31 -39). 
9 

10 Regarding claim 8, Aziz discloses: 

1 1 wherein said first node is attached to a packet switched network (Abstract). 
12 

13 • Regarding claim 12, Aziz discloses: 

1 4 wherein said first node comprises a client device (Abstract). 
15 

16 Regarding claim 13, Aziz discloses: 

1 7 wherein at least one of said first and second security association comprises 

1 8 encryption (claim 3; 5: 1 -22). 
19 

20 Regarding claim 14, Aziz discloses: 

21 wherein said one of said at least one said intermediate node is configured to 

22 pass data packets from at least one of said first node to at least one of said second 
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1 node and from at least one of said second node to at least one of said first node (fig. 2, 

2 6). 
3 



4 Regarding claim 15, Aziz discloses: 

5 wherein said at least one intermediate node is arranged in a network gateway 

6 node (fig. 2, 6; 9:31-39 - Aziz discloses the node in the form of a network gateway and 

7 thus a "node arranged in a network gateway"). 
8 

9 Regarding claims 1 7 - 20, Aziz discloses: 

1 0 wherein said second node is connected to said gateway node; wherein said 



1 1 client device comprises a computer, user equipment, mobile station, or personal digital 

1 2 assistant; wherein said second node comprises a serve; wherein said second node is 

1 3 configured to provide a service to said first node (fig. 2; col. 7). 
14 

15 Regarding claims 2.1 and 22, Aziz discloses: 

1 6 wherein the first node is configured to send a first connection message to the second 

1 7 node; wherein said first connection message comprises a Transmission Control 

1 8 Protocol connection message (6: 1 1 -26; 7:24-67). 
19 

20 Regarding claim 45, Aziz discloses: 

2 1 wherein said second security association is established before said first security 

22 association (5:1 -22,34-41). 
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1 

2 Regarding claim 61 , Aziz discloses: 

3 wherein said first node comprises an Secure Socket Layer Client node (fig. 2). 
4 

5 Regarding claims 71 - 74, they appear to comprise essentially similar limitations 

6 as are found in the above rejected claims. Claims 71 - 74 are rejected, at least, for the 

7 same reasons shown above. 
8 

9 Claim Rejections - 35 USC § 103 

10 

1 1 The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 

12 obviousness rejections set forth in this Office action: 

13 (a) A patent may not be obtained though the invention is not identically disclosed or described as set 

1 4 forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 

1 5 the prior art are such that the subject matter as a whole would have been obvious at the time the 

1 6 invention was made to a person having ordinary skill in the art to which said subject matter pertains. 

1 7 Patentability shall not be negatived by the manner in which the invention was made. 

18 

19 Claims 7, 9 - 11 are rejected under 35 U.S.C. 103(a) as being unpatentable 

20 over Aziz. 

21 

22 Regarding claims 7, 1 0, and 1 1 , Aziz discloses that the plurality of client nodes 

23 are wireless communication devices (i.e. cell phones - 7:4-18), however, Aziz does not 

24 explicitly state that the wireless communication devices are "attached to a wireless 

25 network". However, the notion of a wireless communication device as attached to a 

26 wireless network would have been obvious to one of ordinary skill in the art. This would 
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1 have been obvious to one of ordinary skill because it was both well known in the art for 

2 wireless devices to be attached to wireless networks and easily within the rational 

3 sensibility of one of ordinary skill to recognize that wireless communication devices 

4 communicate wirelessly ("a wireless network"). 
5 

6 Regarding claim 9, it is rejected, at least, for the same reasons as claim 7, and 

7 furthermore because it was well known to those of ordinary skill in the art for cellular 

8 networks to operate within a GPRS standard. 
9 

10 Claims 3, 4, 23 - 43, and 60 are rejected under 35 U.S.C. 103(a) as being 

1 1 unpatentable over Aziz in view of Dierke et al. (Dierke), "The TLS Protocol", RFC 

12 2246. 

13 

14 Regarding claims 3 and 4, Aziz states the use of certificates according to the 

15 SSL or TLS standard protocol. However, Aziz does not explicitly state that the 

16 certificate is a cryptographic certificate. Dierke however discloses that the certificates 

17 used within the TSL protocol comprise X.509 certificates (Dierke, pg. 23). It would have 

1 8 been obvious to recognize the teachings of Dierke within the system of Aziz, as one of 

19 ordinary skill in the art would have been motivated to operate according to the disclosed 

20 standard of TLS. 
21 
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1 Regarding claims 23 and 24, Aziz states the use of the SSL or TLS standard 

2 protocols. However, Aziz does not explicitly state each and every technical detail of the 

3 SSL or TLS protocol. Dierke however discloses the technical details of the TLS 

4 protocol, including details regarding session establishment (Dierke, pg. 2). It would 

5 have been obvious to recognize the teachings of Dierke within the system of Aziz, as 

6 one of ordinary skill in the art would have been motivated to operate according to the 

7 disclosed standard of TLS. 



8 Thus the combination enables: 

9 wherein the first node is configured to send a hello message to the at least one 

1 0 intermediate node; wherein said hello message comprises a Secure Socket Layer 

1 1 protocol handshake message (Dierke, pgs. 32-36). 
12 

1 3 Regarding claims 25 - 26, the combination enables: 

1 4 wherein the at least one intermediate node is configured to make a copy of at 

1 5 least a part of said hello message, wherein said at least one intermediate node is 

16 configured to send said hello message to the second node (4:45-59). 
17 

18 Regarding claim 27, it is rejected, at least, for the same reasons as claim 23 and 

19 24. Thus, the combination enables wherein the second node is configured to send a 

20 hello message to the said at least one intermediate node (Dierke, pgs. 32-36). 
21 

22 Regarding claims 28 - 34, the combination enables: 
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1 wherein said at least one intermediate node is configured to send a handshake 

2 message to the second node in response to receiving said hello message from said 

3 second node, wherein said second node is configured to respond to said handshake 

4 message, wherein said response comprises a Secure Socket Layer protocol handshake 

5 message, wherein said handshake message sent to the second node comprises a 

6 Secure Socket Layer protocol handshake message, wherein said handshake messages 

7 are configured to create said second security association, wherein said handshake 

8 message sent by said one of said at least one intermediate node comprises a client 

9 certificate, wherein said one of said at least one intermediate node is configured to 
1 0 create said client certificate when requested (Dierke, pgs. 32-36). 

11 

12 Regarding claim 35, the combination enables: 

1 3 wherein said one of said at least one intermediate node is configured to retrieve 

1 4 said client certificate from a storage device (Aziz, 5:1 -22). 
15 

16 Regarding claims 36 - 38, the combination enables: 

1 7 wherein said at least one intermediate node and said second node are 

1 8 configured to generate at least one key to encrypt information sent between said at 

1 9 least one node and said second node, said at least one key being used in said second 

20 security association and wherein said first node and said second node are configured to 

21 generate at least one key to encrypt information sent there between said first node and 

22 said second node, said at least one key being used in said first security association 



Application/Control Number: 10/635,911 Page 10 

Art Unit: 2137 



1 wherein said at least one intermediate node is configured to create said at least one 

2 key only when requested (Dierke, pgs. 32-36; Aziz, 2:36-59). 
3 

4 Regarding claims 39 and 40, the combination enables: 

5 wherein said at least one intermediate node is configured to retrieve said at least 

6 one key from a storage device, wherein said at least one key is configured to be 

7 dependent on a client certificate (Dierke, pgs. 32-36; Aziz, 2:36-59, 5:1-22). 
8 

9 Regarding claims 41 and 42, the combination enables: 

1 0 wherein at least one said client certificate certifies a known node which is known 

1 1 to said at least one intermediate node, wherein said client certificate certifies a holder of 

12 a specified resource (Dierke, pgs. 32-36; Aziz, 2:36-59, 5:1-22; 6:12-27, 7:4-18). 
13 

14 Regarding claim 43, the combination does not explicitly state that a cellular 



1 5 telephone comprises one of an International Mobile Station Identity telephone number 

1 6 and a Mobile Station Integrated Service Digital Network telephone number. However, it 

1 7 was well known to those of ordinary skill in the art for a cellular telephone to comprise 

1 8 such a telephone number. This would have been obvious to one of ordinary skill in the 

1 9 art because such numbers allow cellular telephones to communicate within a network. 
20 

21 Regarding claim 60, the combination enables: 
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1 



wherein said second security association is based on data within said hello 



2 



message sent from said second node (Dierke, pgs. 32-36). 



3 



4 



Claim 16 is rejected under 35 U.S.C. 103(a) as being unpatentable over Aziz 



5 in view of Immonen et al. (Immonen), "Method and System for Conducting 

6 Wireless Payments", U.S. Patent Publication 2002/0077993. 

7 



9 communications between a client and server. Aziz discloses aspects related to the 

10 security of communications via the Internet, such as electronic shopping transactions 

1 1 performed between a mobile client (i.e. cell phone) and a merchant (i.e. e-commerce 

12 merchant) (Aziz, 1:40-63; 4:45-59; 7:4-17). Aziz does not explicitly state that the 

13 gateway can operate according to GPRS. Immonen discloses that gateways 

1 4 advantageously operate according to the WAP protocol, including providing support for 

1 5 GPRS, so as to facilitate the communications between a mobile client and a server 

16 (Immonen, par. 2-7). It would have been obvious to one of ordinary skill in the art to 

1 7 recognize the teachings of Immonen for a gateway operating as a GPRS support node. 

1 8 This would have been obvious because one of ordinary skill in the art would have been 

1 9 motivated to facilitate the communications between mobile clients and servers. 
20 

21 Claim 44 is rejected under 35 U.S.C. 103(a) as being unpatentable over the 

22 combination of Aziz and Dierke in view of Immonen et al. (Immonen), "Method 



8 



Regarding claim 16, Aziz discloses a gateway that serves to translate 
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1 and System for Conducting Wireless Payments", U.S. Patent Publication 

2 2002/0077993. 

3 



5 authenticated mobile clients may purchase or use services from servers. The 

6 combination, however, does not disclose all details specific to electronic commerce. 

7 Specifically, the combination does not explicitly state that at least one said client 

8 certificate authorizes said second node to charge said holder of said specified resource 

9 for services used or purchased. Immonen discloses that a client certificate authorizes 

10 said second node to charge said holder of said specified resource for services used or 

1 1 purchased (Immonen, par. 60). It would have been obvious to one of ordinary skill in 

12 ' the art to recognize the electronic commerce teachings of Immonen within the 

1 3 combination of Aziz and Dierke. This would have been obvious because one of 

1 4 ordinary skill in the art would have been motivated to incorporate in practice features of 

15 electronic commerce so as to allow a mobile client to purchase or use services. 



4 



Regarding claim 44, the combination of Aziz and Dierke discloses that 



16 



17 



Response to Arguments 



18 



19 



Applicant's arguments filed 8/8/07 have been fully considered but they are not 



20 



persuasive. 



21 



22 



Applicant argues or asserts primarily that: 
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1 

2 (i) . . .dependent claims 2-4, for example, where the first and second security 

3 associations are further defined as representing at least one certificate for 

4 authentication, a cryptographic certificate, and an X.509 certificate. Hence, when taken 

5 in proper context, Aziz's first and second end-to- end secure transmission links 210 and 

6 230 bears no structural nor functional similarity to Applicant's claimed the first and 

7 second security associations. (Remarks, pg. 21) 
8 

9 In response to applicant's argument that the references fail to show certain 

10 features of applicant's invention, it is noted that the features upon which applicant relies 

11 (i.e., the first and second security associations are further defined as representing at 

1 2 least one certificate for authentication, a cryptographic certificate, and an X. 509 

13 certificate) are not recited in the rejected claim(s). Although the claims are interpreted 

14 in light of the specification, limitations from the specification are not read into the claims. 

1 5 See In re Van Geuns, 988 F.2d 1 1 81 , 26 USPQ2d 1 057 (Fed. Cir. 1 993). 
16 

1 7 (ii) . . . Applicant respectfully asserts that Aziz is completely silent regarding any 

1 8 security association that resembles the first security association configured to 

1 9 authenticate the second node to the first node, or the second security association 

20 configured to authenticate the at least one intermediate node to the second node, as 

21 recited in claim 1 , for example. (Remarks, pg. 21-22) 
22 
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1 In response, the examiner respectfully points out that Aziz clearly discloses a 

2 security association configured to authenticate the second node to the first node and a 

3 second security association configured to authenticate the at least one intermediate 

4 node to the second node (Aziz, Abstract, lines 6-10). 

5 . 

6 (iii) Further, in the rejection the Office Action cited claim 3 of Aziz, which describes 

7 the end-to-end security links as one of a secure socket layer links and transport layer 

8 security links . . . there is no suggestion or description in Aziz indicating that the end-to- 

9 end secure transmissions 210 and 230 are capable of authenticating in the manners 
10 recited in Applicant's claim 1, for example. (Remarks, pg. 22) 

11 

12 In response, the examiner respectfully notes that the applicant appear to argue 

1 3 contrary to the applicant's own disclosure wherein the applicant teaches that security 

14 associations, such as those provided via SSL, are capable of authenticating (Applicant's 

1 5 Specification, par. 17, line 1 ). At least for this reason alone, the examiner finds the 

16 applicant's argument unpersuasive. 
17 

1 8 Election/Restrictions 

19 

20 This application contains claims 46 - 59 and 62 - 71 drawn to an invention 

21 nonelected with traverse in the reply filed on 4/19/07. A complete reply to the final 
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1 rejection must include cancellation of nonelected claims or other appropriate action (37 

2 GFR 1.144) See MPEP §821.01. 
3 

4 Conclusion 

5 

6 The prior art made of record and not relied upon is considered pertinent to 

7 applicant's disclosure: 
8 

9 See Notice of References Cited. 

10 

1 1 THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 

12 policy as set forth in 37 CFR 1.136(a). 

1 3 A shortened statutory period for reply to this final action is set to expire THREE 



14 MONTHS from the mailing date of this action. In the event a first reply is filed within 

1 5 TWO MONTHS of the mailing date of this final action and the advisory action is not 

16 mailed until after the end of the THREE-MONTH shortened statutory period, then the 

17 shortened statutory period will expire on the date the advisory action is mailed, and any 

18 extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 

19 the advisory action. In no event, however, will the statutory period for reply expire later 

20 than SIX MONTHS from the date of this final action. 
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Any inquiry concerning this communication or earlier communications from the 



2 examiner should be directed to Jeffery Williams whose telephone number is (571 ) 272- 

3 7965. The examiner can normally be reached on 8:30-5:00. 



5 supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone 

6 number for the organization where this application or proceeding is assigned is (703) 

7 872-9306. 



9 Patent Application Information Retrieval (PAIR) system. Status information for 

10 published applications may be obtained from either Private PAIR or Public PAIR. 

1 1 Status information for unpublished applications is available through Private PAIR only. 

12 For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 

13 you have questions on access to the Private PAIR system, contact the Electronic 

1 4 Business Center (EBC) at 866-21 7-91 97 (toll-free). 
15 

.16 

17 J.Williams 

18 AU:2137 



4 



If attempts to reach the examiner by telephone are unsuccessful, the examiner's 



8 



Information regarding the status of an application may be obtained from the 



19 
20 
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